Happy Chatter is governed by Speech Pathology Australia (SPA) and the Australian Health Practitioner Regulation Agengy (AHPRA). Confidential client data is stored online according to regulations set out by SPA and AHPRA and onsite.
Please see below links to the SPA and AHPRA Code of Ethics, and contact us if you have any questions about our compliance.
“Personal information” means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained. To provide evidence-based speech pathology services to our clients, we need to know personal information about them and others, including:
- Names, ages, genders, and other identifying information
- Medicare and health fund details (including Medicare numbers and health fund insurers and the extent of their coverage)
- NDIS participant details including goals, plan dates, funder information and extent of coverage
- Developmental, medical, ethnic, language, cultural and social histories (including practitioner information, medications, diagnoses, surgeries, and allergies)
- Disabilities and impairments
- Family histories, to the extent they may be relevant to our assessment, diagnosis and/or treatment of clients
- Support structures such as childcare, kinder, school, and other practitioner information
- Hobbies, motivations, interests, and activities in which clients and their families participate
- Financial information concerning the ability of clients to pay for our products and services.
How do we collect personal information?
We collect personal information by:
- Telephone (e.g. when clients first call us to book an appointment)
- Website enquiry form
- Social media sites (e.g. Facebook)
- Intake forms which are usually filled in by a client or carer as part of our assessment process
- Letters, reports, referrals and other documents;
- SMS and other forms of electronic communication;
- Consults and other interactions in our clinic (including groups) and electronically via Zoom, Teams, WebX or Google Meets.
Who provides the personal information?
We collect personal information from clients or those authorised to act on a client’s behalf (e.g. their parents, teachers, carers or guardians) especially when working with clients who cannot communicate their needs without the assistance of others.
We will, where practicable, make clients and their authorised guardians aware of the fact that we have collected this information and the circumstances of the collection.
Should we receive correspondence from others about clients, we will obtain consent from clients prior to communicating further with those parties.
When you give us information about other people, we rely on you to have obtained their prior consent and on you to tell them of the types of third parties we may provide the information to and why.
We collect personal information to deliver, review and improve our services. Generally, these services and products relate to Speech Pathology and Occupational Therapy. Without this information, we are unable to provide our services to you in accordance with the standards required by law, the SPA Code of Ethics, and AHPRA’s Code of Conduct.
The information is also used:
- For administrative purposes of managing our business
- To fulfil our obligations under law, regulation and/or SPA’s Code of Ethics and AHPRA’s Code of Conduct
- For billing management (either directly or through funders)
- Discussions between clinicians working at our clinic related to the care of clients
- Discussions and other communications with doctors, other health professionals, and education professionals in relation to client care
- Discussions with funders
- Any insurance or compensation or other claims or litigation (including threatened litigation).
Who can access personal information?
Personal information may be seen or used by people working for or on behalf of Happy Chatter and other service providers including (without limitation):
- The directors and administrative staff
- Happy Chatter clinicians (employed or contracted)
Unless a client’s safety is at risk, we will obtain consent from clients prior to sharing personal information with the following service providers. Consent may be obtained via referrals, consent forms, and emails.
- Doctors, other health professionals, and education professionals
- Happy Chatter’s third-party professional advisors and service providers, including (without limitation) lawyers, insurers, accountants, auditors, tax consultants, actuaries, management consultants and IT service providers
- Medicare, private health insurance providers, NDIS planners, plan managers, and other private funders.
Anonymous persons who wish to use a pseudonym or who do not provide us with enough information to properly identify them for the purposes of providing services and products are not permitted access to personal information.
We will not rent, sell, trade or otherwise disclose to any other third parties any personal information about you without your consent, or unless we are required by law (including pursuant to a court or tribunal order), or where a permitted general situation (including a permitted health situation) exists within the meaning of the Privacy Act 1988, or if we reasonably believe disclosure is necessary for enforcement-related activities.
To promote the safety and welfare of vulnerable children in Victoria, the Children, Youth and Families Act 2005 (VIC) requires registered practitioners such as Speech Pathologists and Occupational Therapists to take reasonable steps to proactively exchange information, and co-ordinate the delivery of services, with DHHS, schools, non-government organisations, the Family and Federal Courts, the police and other prescribed bodies in Victoria if, in the course of practising their profession, clinicians form a belief on reasonable grounds that a child is in need of protection from significant harm.
These obligations generally override confidentiality and privacy rights. More information is available at https://providers.dffh.vic.gov.au/mandatory-reporting
Security and Data Retention
We take all reasonable precautions to prevent unauthorised access to, modification of, disclosure, misuse or loss of that information as required by law.
Our directors and staff have reviewed the requirements of the Privacy Laws and our third-party service providers are aware that they are required to comply with the requirements of the Privacy Act 1988.
We have data protection measures in place (including password-locked computers) when we store personal information electronically. Cloud-based data is protected as much as reasonably possible by passwords and third-party security and hosted on Australian servers. Our hard copy health records are stored in a locked filing cabinet onsite accessible only to authorised staff.
Disposal of Information
If we no longer need personal information about you for any purpose described above, then we will take reasonable steps to destroy the information or to ensure that such information is de-identified. This obligation is subject to an important exception – under the Health Records Act 2001 (VIC), we are obliged to retain health information:
(a) about adults for 7 years from the last time we provided them with a service or product; and
(b) about children, until the individual has attained 25 years of age.
We take reasonable steps to ensure that personal information we collect about or from clients is accurate, complete, up-to-date and relevant whenever it is used, collected or disclosed. Subject to the recognised exceptions to access for organisations contained in the Australian Privacy Principles (APP12.3), clients have a right to access their information (subject to any privilege or legal restrictions); and, if it is reasonable and practicable to do so, we will give access to the information in the manner requested. By law, we may charge a reasonable fee to cover the cost of retrieving and processing the information.
If you believe personal information that we hold is inaccurate, out-of-date, incomplete or misleading, we will, on receipt of your request, take steps that are reasonable in the circumstances to correct the information.
Personal information outside Australia
Given the increasing globalisation of electronic information systems and the businesses of service providers, it is likely that personal information may be disclosed to a person or entity outside Australia (e.g. to a third-party service provider managed outside Australia). For the same reason, it is not practicable to specify the countries in which such recipients may be located.
If your personal information is disclosed by us to an overseas recipient (e.g. to an insurer or IT-service provider), we will take reasonable steps in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
We may record your email address if you transmit it to us electronically in an email message or through a web page form.
If you believe your privacy has been prejudiced by something we have done or failed to do, you have a legal right to lodge a complaint.
For clinic matters, the Practice Manager can be contacted by phone, email or in writing.
We will respond to you within 15 days of receiving your complaint, unless the complaint is made during an extended closure period such as Christmas holidays. If you are not satisfied with our response, you can refer your compliant to our Director.
If you have any questions about this policy, or have any concerns about the personal information you or others have given us about you, please contact us.
More information on the Privacy Act 1988 (Cth) can be found on the website of the Office of the Australian Information Commissioner.
Last updated: August 2021.